Aggregator

日前，市场监管总局发布《网络交易合规数据报送管理暂行办法》。市场监管总局网监司相关负责人就涉及《办法》的相关问题回答记者提问。

近期，百度副总裁谢广军13岁的女儿因“饭圈”矛盾被卷入“开盒”事件。此次事件的特殊性在于施害者为未成年人，且隐私泄露的源头指向海外“社工库”，一个非法收集和交易个人信息的黑产数据库，引发公众对企业数据安全机制的广泛担忧和质疑。

整体部署既满足了企业对数据跨境流动的迫切需求，又确保了数据安全可控，为数字经济高质量发展提供了坚实保障，标志着北京在全球数据治理领域迈出坚实而关键的一步。四个关键词来概括北京数据跨境流动便利化改革2.0版本的实施方案。

为规范人工智能技术服务应用，维护国家安全和社会公共利益，国家互联网信息办公室会同多部门发布的《人工智能生成合成内容标识办法》，秉持兼容并蓄的理念，通过技术手段管理技术问题，探索科学高效的治理手段。

2024年12月31日，国家发展改革委等三部门发布《国家数据基础设施建设指引》，提出建设“高速互联、高效调度、开放普惠、安全可靠的国家数据基础设施”。以标准为引领，建设横向连通、纵向贯通、协调有力的全国一体化国家数据基础设施正式启幕。

近期，网信部门会同体育主管部门依法严惩拉踩引战和攻击谩骂等行为，清理违法违规信息160万余条，处置账号7.6万个，其中关闭账号3767个，切实维护清朗网络空间，为运动员积极备战和体育赛事顺利举办营造良好舆论氛围。

近日，市场监管总局印发《网络交易合规数据报送管理暂行办法》，规范网络交易合规数据报送行为，发挥数据在平台经济治理中的关键要素作用，引导平台企业合规经营，提升网络交易监管效能，促进平台经济健康发展。

Gaming community Steam appeared most often in phishing emails and texts detected by Guardio in Q1 2025

敏感信息泄露常见但难以追踪，本文结合OWASP场景深入分析，提供利用与防护建议。

A vulnerability classified as problematic has been found in Google Go 1.23/1.24. Affected is an unknown function of the component net-http. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2025-22871. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Fortinet FortiSIEM up to 6.5.1/6.6.3/6.7.2/7.0.0. It has been rated as very critical. This issue affects some unknown processing of the component GUI. The manipulation leads to relative path traversal. The identification of this vulnerability is CVE-2023-40714. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OSRF ROS Indigo Igloo/Kinetic Kame/Melodic Morenia. It has been declared as critical. This vulnerability affects the function yaml.load of the component dynparam. The manipulation leads to deserialization. This vulnerability was named CVE-2024-39780. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

Currently trending CVE - Hype Score: 26 - A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative ...

本文深入剖析D-Link DWR-932B路由器的固件安全，揭示可能导致攻击者未经授权访问和控制设备的严重漏洞，包括硬编码凭据、弱根密码以及管理与更新机制中的关键缺陷，如未认证的远程命令执行和不安全的固件更新协议。研究采用静态与动态分析相结合的方法，并通过逆向工程定位问题。本文可能存在一些不足，请大家斧正！此分析提醒人们在不断扩展的IoT生态系统中，强化安全实践的重要性，适合安全爱好者、网络管理员

一项对年轻男性的研究发现，冷水浸泡可能会使身体更健康，并在细胞层面预防疾病、延缓衰老。在研究中，共有 10 名健康男性接受了浸泡实验，他们连续 7 天浸泡于 14°C 的冷水中 1 小时，并由研究人员在适应期前后采集血液样本，以分析他们的细胞反应。研究显示，尽管高强度冷应激最初会导致自噬功能失调，但持续一周的暴露使自噬活性增强并同时减少细胞损伤信号。研究为冷水浸泡的效果提供了科学支持，凸显了适应性方案在提升人类健康中的重要性，尤其适用于暴露于极端温度的场景。需要注意的是，该研究结果仅适用于年轻男性，其他人群的效果仍需进一步研究。

Даже анализ сетевого трафика не всегда выдаёт его присутствие.

The UK’s data protection regulator says it is overwhelmed with complaints from the public

不会绕WAF？那还不进来学习！一文教会你绕WAF思维，以及绕WAF的payload构造原理！

The NCSC’s CEO, Richard Horne on the new cyber governance resources giving Boards the tools they need to govern cyber security risks.

Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models. Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices: Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs – hacking, newsletter)